Module Awso_cloudfront_asyncSource

Contains a list of cookie names.

A CloudFront function that is associated with a cache behavior in a CloudFront distribution.

A complex type that contains a Lambda@Edge function association.

An origin in an origin group.

A complex type that contains HeaderName and HeaderValue elements, if any, for this distribution.

An HTTP response header name and its value. CloudFront includes this header in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.

The name of an HTTP header that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.

A complex type that controls whether CloudFront caches the response to requests using the specified HTTP methods. There are two choices: CloudFront caches responses to GET and HEAD requests. CloudFront caches responses to GET, HEAD, and OPTIONS requests. If you pick the second choice for your Amazon S3 Origin, you may need to forward Access-Control-Request-Method, Access-Control-Request-Headers, and Origin headers for the responses to be cached correctly.

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. If you want to include cookies in the cache key, use CookiesConfig in a cache policy. See CachePolicy. If you want to send cookies to the origin but not include them in the cache key, use CookiesConfig in an origin request policy. See OriginRequestPolicy. A complex type that specifies whether you want CloudFront to forward cookies to the origin and, if so, which ones. For more information about forwarding cookies to the origin, see Caching Content Based on Cookies in the Amazon CloudFront Developer Guide.

Contains a list of HTTP header names.

This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. If you want to include query strings in the cache key, use QueryStringsConfig in a cache policy. See CachePolicy. If you want to send query strings to the origin but not include them in the cache key, use QueryStringsConfig in an origin request policy. See OriginRequestPolicy. A complex type that contains information about the query string parameters that you want CloudFront to use for caching for a cache behavior.

A complex data type for the status codes that you specify that, when returned by a primary origin, trigger CloudFront to failover to a second origin.

Configures mutual TLS authentication between CloudFront and your origin server.

A complex type that contains information about the SSL/TLS protocols that CloudFront can use when establishing an HTTPS connection with your origin.

Session stickiness provides the ability to define multiple requests from a single viewer as a single session. This prevents the potentially inconsistent experience of sending some of a given user's requests to your staging distribution, while others are sent to your primary distribution. Define the session duration using TTL values.

Contains a list of query string names.

The configuration for a string schema.

A list of HTTP header names that CloudFront includes as values for the Access-Control-Allow-Headers HTTP response header. For more information about the Access-Control-Allow-Headers HTTP response header, see Access-Control-Allow-Headers in the MDN Web Docs.

A list of HTTP methods that CloudFront includes as values for the Access-Control-Allow-Methods HTTP response header. For more information about the Access-Control-Allow-Methods HTTP response header, see Access-Control-Allow-Methods in the MDN Web Docs.

A list of origins (domain names) that CloudFront can use as the value for the Access-Control-Allow-Origin HTTP response header. For more information about the Access-Control-Allow-Origin HTTP response header, see Access-Control-Allow-Origin in the MDN Web Docs.

A list of HTTP headers that CloudFront includes as values for the Access-Control-Expose-Headers HTTP response header. For more information about the Access-Control-Expose-Headers HTTP response header, see Access-Control-Expose-Headers in the MDN Web Docs.

The policy directives and their values that CloudFront includes as values for the Content-Security-Policy HTTP response header. For more information about the Content-Security-Policy HTTP response header, see Content-Security-Policy in the MDN Web Docs.

Determines whether CloudFront includes the X-Content-Type-Options HTTP response header with its value set to nosniff. For more information about the X-Content-Type-Options HTTP response header, see X-Content-Type-Options in the MDN Web Docs.

Determines whether CloudFront includes the X-Frame-Options HTTP response header and the header's value. For more information about the X-Frame-Options HTTP response header, see X-Frame-Options in the MDN Web Docs.

Determines whether CloudFront includes the Referrer-Policy HTTP response header and the header's value. For more information about the Referrer-Policy HTTP response header, see Referrer-Policy in the MDN Web Docs.

Determines whether CloudFront includes the Strict-Transport-Security HTTP response header and the header's value. For more information about the Strict-Transport-Security HTTP response header, see Strict-Transport-Security in the MDN Web Docs.

Determines whether CloudFront includes the X-XSS-Protection HTTP response header and the header's value. For more information about the X-XSS-Protection HTTP response header, see X-XSS-Protection in the MDN Web Docs.

The key value store association.

A complex data type that includes the field patterns to match for field-level encryption.

A field-level encryption content type profile.

Query argument-profile mapping for field-level encryption.

A complex type that controls which HTTP methods CloudFront processes and forwards to your Amazon S3 bucket or your custom origin. There are three choices: CloudFront forwards only GET and HEAD requests. CloudFront forwards only GET, HEAD, and OPTIONS requests. CloudFront forwards GET, HEAD, OPTIONS, PUT, PATCH, POST, and DELETE requests. If you pick the third choice, you may need to restrict access to your Amazon S3 bucket or to your custom origin so users can't perform operations that you don't want them to. For example, you might not want users to have permissions to delete objects from your origin.

This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide. This field is deprecated. We recommend that you use a cache policy or an origin request policy instead of this field. If you want to include values in the cache key, use a cache policy. For more information, see Creating cache policies in the Amazon CloudFront Developer Guide. If you want to send values to the origin but not include them in the cache key, use an origin request policy. For more information, see Creating origin request policies in the Amazon CloudFront Developer Guide. A complex type that specifies how CloudFront handles query strings, cookies, and HTTP headers.

A list of CloudFront functions that are associated with a cache behavior in a CloudFront distribution. Your functions must be published to the LIVE stage to associate them with a cache behavior.

Amazon CloudFront supports gRPC, an open-source remote procedure call (RPC) framework built on HTTP/2. gRPC offers bi-directional streaming and binary protocol that buffers payloads, making it suitable for applications that require low latency communications. To enable your distribution to handle gRPC requests, you must include HTTP/2 as one of the supported HTTP versions and allow HTTP methods, including POST. For more information, see Using gRPC with CloudFront distributions in the Amazon CloudFront Developer Guide.

A complex type that specifies a list of Lambda@Edge functions associations for a cache behavior. If you want to invoke one or more Lambda@Edge functions triggered by requests that match the PathPattern of the cache behavior, specify the applicable values for Quantity and Items. Note that there can be up to 4 LambdaFunctionAssociation items in this list (one for each possible value of EventType) and each EventType can be associated with only one function. If you don't want to invoke any Lambda@Edge functions for the requests that match PathPattern, specify 0 for Quantity and omit Items.

A list of key groups whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.

A list of Amazon Web Services accounts whose public keys CloudFront can use to verify the signatures of signed URLs and signed cookies.

A complex data type that includes information about the failover criteria for an origin group, including the status codes for which CloudFront will failover from the primary origin to the second origin.

A complex data type for the origins included in an origin group.

A complex type that contains the list of Custom Headers for each origin.

A custom origin. A custom origin is any origin that is not an Amazon S3 bucket, with one exception. An Amazon S3 bucket that is configured with static website hosting is a custom origin.

CloudFront Origin Shield. Using Origin Shield can help reduce the load on your origin. For more information, see Using Origin Shield in the Amazon CloudFront Developer Guide.

A complex type that contains information about the Amazon S3 origin. If the origin is a custom origin or an S3 bucket that is configured as a website endpoint, use the CustomOriginConfig element instead.

An Amazon CloudFront VPC origin configuration.

This configuration determines which HTTP requests are sent to the staging distribution. If the HTTP request contains a header and value that matches what you specify here, the request is sent to the staging distribution. Otherwise the request is sent to the primary distribution.

Contains the percentage of traffic to send to a staging distribution.

An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and in requests that CloudFront sends to the origin.

An object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and in requests that CloudFront sends to the origin.

An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and in requests that CloudFront sends to the origin.

An object that contains information about the parameter definition.

A configuration for a set of HTTP response headers that are used for cross-origin resource sharing (CORS). CloudFront adds these headers to HTTP responses that it sends for CORS requests that match a cache behavior associated with this response headers policy. For more information about CORS, see Cross-Origin Resource Sharing (CORS) in the MDN Web Docs.

A list of HTTP response header names and their values. CloudFront includes these headers in HTTP responses that it sends for requests that match a cache behavior that's associated with this response headers policy.

A list of HTTP header names that CloudFront removes from HTTP responses to requests that match the cache behavior that this response headers policy is attached to.

A configuration for a set of security-related HTTP response headers. CloudFront adds these headers to HTTP responses that it sends for requests that match a cache behavior associated with this response headers policy.

A configuration for enabling the Server-Timing header in HTTP responses sent from CloudFront. CloudFront adds this header to HTTP responses that it sends in response to requests that match a cache behavior that's associated with this response headers policy. You can use the Server-Timing header to view metrics that can help you gain insights about the behavior and performance of CloudFront. For example, you can see which cache layer served a cache hit, or the first byte latency from the origin when there was a cache miss. You can use the metrics in the Server-Timing header to troubleshoot issues or test the efficiency of your CloudFront configuration. For more information, see Server-Timing header in the Amazon CloudFront Developer Guide.

Contains information about the Amazon Kinesis data stream where you are sending real-time log data.

An object that determines whether any cookies in viewer requests (and if so, which cookies) are included in requests that CloudFront sends to the origin.

An object that determines whether any HTTP headers (and if so, which headers) are included in requests that CloudFront sends to the origin.

An object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in requests that CloudFront sends to the origin.

Complex data type for field-level encryption profiles that includes the encryption key and field pattern specifications.

A complex type that describes how CloudFront processes requests. You must create at least as many cache behaviors (including the default cache behavior) as you have origins if you want CloudFront to serve objects from all of the origins. Each cache behavior specifies the one origin from which you want CloudFront to get objects. If you have two origins and only the default cache behavior, the default cache behavior will cause CloudFront to get objects from one of the origins, but the other origin is never used. For the current quota (formerly known as limit) on the number of cache behaviors that you can add to a distribution, see Quotas in the Amazon CloudFront Developer Guide. If you don't want to specify any cache behaviors, include only an empty CacheBehaviors element. Don't specify an empty individual CacheBehavior element, because this is invalid. For more information, see CacheBehaviors. To delete all cache behaviors in an existing distribution, update the distribution configuration and include only an empty CacheBehaviors element. To add, change, or remove one or more cache behaviors, update the distribution configuration and specify all of the cache behaviors that you want to include in the updated distribution. If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers. For more information about cache behaviors, see Cache Behavior Settings in the Amazon CloudFront Developer Guide.

A complex type that controls: Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see Customizing Error Responses in the Amazon CloudFront Developer Guide.

An origin group includes two origins (a primary origin and a secondary origin to failover to) and a failover criteria that you specify. You create an origin group to support origin failover in CloudFront. When you create or update a distribution, you can specify the origin group instead of a single origin, and CloudFront will failover from the primary origin to the secondary origin under the failover conditions that you've chosen. Optionally, you can choose selection criteria for your origin group to specify how your origins are selected when your distribution routes viewer requests.

An origin. An origin is the location where content is stored, and from which CloudFront gets content to serve to viewers. To specify an origin: Use S3OriginConfig to specify an Amazon S3 bucket that is not configured with static website hosting. Use VpcOriginConfig to specify a VPC origin. Use CustomOriginConfig to specify all other kinds of origins, including: An Amazon S3 bucket that is configured with static website hosting An Elastic Load Balancing load balancer An Elemental MediaPackage endpoint An Elemental MediaStore container Any other HTTP server, running on an Amazon EC2 instance or any other kind of host For the current maximum number of origins that you can specify per distribution, see General Quotas on Web Distributions in the Amazon CloudFront Developer Guide (quotas were formerly referred to as limits).

The CloudFront domain name of the staging distribution.

The traffic configuration of your continuous deployment.

This object determines the values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find an object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

Configuration for an IPAM CIDR that defines a specific IP address range, IPAM pool, and associated Anycast IP address.

A list of CloudFront key pair identifiers.

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

A string that contains Tag key. The string length should be between 1 and 128 characters. Valid characters include a-z, A-Z, 0-9, space, and the special characters _ - . : / = + @.

A response headers policy configuration. A response headers policy configuration contains metadata about the response headers policy, and configurations for sets of HTTP response headers.

Contains information about the Amazon Kinesis data stream where you're sending real-time log data in a real-time log configuration.

An origin request policy configuration. This configuration determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following: The request body and the URL path (without the domain name) from the viewer request. The headers that CloudFront automatically includes in every origin request, including Host, User-Agent, and X-Amz-Cf-Id. All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront. CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use CachePolicy.

A key group configuration. A key group contains a list of public keys that you can use with CloudFront signed URLs and signed cookies.

The key value store associations.

Field-level encryption content type-profile.

Query argument-profile mapping for field-level encryption.

Amazon Web Services services in China customers must file for an Internet Content Provider (ICP) recordal if they want to serve content publicly on an alternate domain name, also known as a CNAME, that they've added to CloudFront. AliasICPRecordal provides the ICP recordal status for CNAMEs associated with distributions. The status is returned in the CloudFront response; you can't configure it yourself. For more information about ICP recordals, see Signup, Accounts, and Credentials in Getting Started with Amazon Web Services services in China.

A complex type that controls the countries in which your content is distributed. CloudFront determines the location of your users using MaxMind GeoIP databases.

A trust store configuration.

Contains the configuration for a continuous deployment policy.

A cache policy configuration. This configuration determines the following: The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache. If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers. The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

A list of Amazon Web Services accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

A list of identifiers for the public keys that CloudFront can use to verify the signatures of signed URLs and signed cookies.

A complex type that contains Tag key and Tag value.

A complex type that contains information about CNAMEs (alternate domain names), if any, for this distribution.

A complex type that contains information about the Amazon S3 bucket from which you want CloudFront to get your media files for distribution.

A response headers policy. A response headers policy contains information about a set of HTTP response headers. After you create a response headers policy, you can use its ID to attach it to one or more cache behaviors in a CloudFront distribution. When it's attached to a cache behavior, the response headers policy affects the HTTP headers that CloudFront includes in HTTP responses to requests that match the cache behavior. CloudFront adds or removes response headers according to the configuration of the response headers policy. For more information, see Adding or removing HTTP headers in CloudFront responses in the Amazon CloudFront Developer Guide.

An origin request policy. When it's attached to a cache behavior, the origin request policy determines the values that CloudFront includes in requests that it sends to the origin. Each request that CloudFront sends to the origin includes the following: The request body and the URL path (without the domain name) from the viewer request. The headers that CloudFront automatically includes in every origin request, including Host, User-Agent, and X-Amz-Cf-Id. All HTTP headers, cookies, and URL query strings that are specified in the cache policy or the origin request policy. These can include items from the viewer request and, in the case of headers, additional ones that are added by CloudFront. CloudFront sends a request when it can't find an object in its cache that matches the request. If you want to send values to the origin and also include them in the cache key, use CachePolicy.

A key group. A key group contains a list of public keys that you can use with CloudFront signed URLs and signed cookies.

Contains configuration information about a CloudFront function.

Contains metadata about a CloudFront function.

Complex data type for field-level encryption profiles that includes all of the encryption entities.

The configuration for a field-level encryption content type-profile mapping.

Configuration for query argument-profile mapping for field-level encryption.

A complex type that contains zero or more CacheBehavior elements.

A connection function association.

A complex type that controls: Whether CloudFront replaces HTTP status codes in the 4xx and 5xx range with custom error messages before returning the response to the viewer. How long CloudFront caches HTTP status codes in the 4xx and 5xx range. For more information about custom error pages, see Customizing Error Responses in the Amazon CloudFront Developer Guide.

A complex type that describes the default cache behavior if you don't specify a CacheBehavior element or if request URLs don't match any of the values of PathPattern in CacheBehavior elements. You must create exactly one default cache behavior. If your minimum TTL is greater than 0, CloudFront will cache content for at least the duration specified in the cache policy's minimum TTL, even if the Cache-Control: no-cache, no-store, or private directives are present in the origin headers.

A complex data type for the origin groups specified for a distribution.

Contains information about the origins for this distribution.

A complex type that identifies ways in which you want to restrict distribution of your content.

A complex type that determines the distribution's SSL/TLS configuration for communicating with viewers. If the distribution doesn't use Aliases (also known as alternate domain names or CNAMEs)—that is, if the distribution uses the CloudFront domain name such as d111111abcdef8.cloudfront.net—set CloudFrontDefaultCertificate to true and leave all other fields empty. If the distribution uses Aliases (alternate domain names or CNAMEs), use the fields in this type to specify the following settings: Which viewers the distribution accepts HTTPS connections from: only viewers that support server name indication (SNI) (recommended), or all viewers including those that don't support SNI. To accept HTTPS connections from only viewers that support SNI, set SSLSupportMethod to sni-only. This is recommended. Most browsers and clients support SNI. To accept HTTPS connections from all viewers, including those that don't support SNI, set SSLSupportMethod to vip. This is not recommended, and results in additional monthly charges from CloudFront. The minimum SSL/TLS protocol version that the distribution can use to communicate with viewers. To specify a minimum version, choose a value for MinimumProtocolVersion. For more information, see Security Policy in the Amazon CloudFront Developer Guide. The location of the SSL/TLS certificate, Certificate Manager (ACM) (recommended) or Identity and Access Management (IAM). You specify the location by setting a value in one of the following fields (not both): ACMCertificateArn IAMCertificateId All distributions support HTTPS connections from viewers. To require viewers to use HTTPS only, or to redirect them from HTTP to HTTPS, use ViewerProtocolPolicy in the CacheBehavior or DefaultCacheBehavior. To specify how CloudFront should use SSL/TLS to communicate with your custom origin, use CustomOriginConfig. For more information, see Using HTTPS with CloudFront and Using Alternate Domain Names and HTTPS in the Amazon CloudFront Developer Guide.

A viewer mTLS configuration.

The Certificate Manager (ACM) certificate associated with your distribution.

The customizations that you specified for the distribution tenant for geographic restrictions.

The WAF web ACL customization specified for the distribution tenant.

The details about the domain result.

A continuous deployment policy.

A cache policy. When it's attached to a cache behavior, the cache policy determines the following: The values that CloudFront includes in the cache key. These values can include HTTP headers, cookies, and URL query strings. CloudFront uses the cache key to find an object in its cache that it can return to the viewer. The default, minimum, and maximum time to live (TTL) values that you want objects to stay in the CloudFront cache. The headers, cookies, and query strings that are included in the cache key are also included in requests that CloudFront sends to the origin. CloudFront sends a request when it can't find a valid object in its cache that matches the request's cache key. If you want to send values to the origin but not include them in the cache key, use OriginRequestPolicy.

The configuration IPAM settings that includes the quantity of CIDR configurations and the list of IPAM CIDR configurations.

A complex type that controls whether access logs are written for this streaming distribution.

A complex type that specifies the HTTP header name from which CloudFront extracts cache tags from origin responses. When you add CacheTagConfig to a distribution, CloudFront reads the specified header from origin responses, parses the comma-separated tag values, and stores them with the cached object. You can then invalidate cached objects by tag using the CreateInvalidation API.

A complex type that specifies whether access logs are written for the distribution. If you already enabled standard logging (legacy) and you want to enable standard logging (v2) to send your access logs to Amazon S3, we recommend that you specify a different Amazon S3 bucket or use a separate path in the same bucket (for example, use a log prefix or partitioning). This helps you keep track of which log files are associated with which logging subscription and prevents log files from overwriting each other. For more information, see Standard logging (access logs) in the Amazon CloudFront Developer Guide.

This field only supports multi-tenant distributions. You can't specify this field for standard distributions. For more information, see Unsupported features for SaaS Manager for Amazon CloudFront in the Amazon CloudFront Developer Guide. The configuration for a distribution tenant.

A list of parameter values to add to the resource. A parameter is specified as a key-value pair. A valid parameter value must exist for any parameter that is marked as required in the multi-tenant distribution.

A summary of the CloudFront VPC origin.

A summary of the information for a CloudFront streaming distribution.

Contains a response headers policy.

A real-time log configuration.

Contains information about a public key.

Contains an origin request policy.

A CloudFront origin access control.

The key value store. Use this to separate data from function code, allowing you to update data without having to publish a new version of a function. The key value store holds keys and their corresponding values.

Contains information about a key group.

A summary of an invalidation request.

Contains configuration information and metadata about a CloudFront function.

The field-level encryption profile summary.

A summary of a field-level encryption item.

A summary of the information about a CloudFront distribution.

A structure that pairs a CloudFront distribution ID with its owning Amazon Web Services account ID.

Customizations for the distribution tenant. For each distribution tenant, you can specify the geographic restrictions, and the Amazon Resource Names (ARNs) for the ACM certificate and WAF web ACL. These are specific values that you can override or disable from the multi-tenant distribution that was used to create the distribution tenant.

A summary of the information about your continuous deployment policies.

An alias (also called a CNAME) and the CloudFront standard distribution and Amazon Web Services account ID that it's associated with. The standard distribution and account IDs are partially hidden, which allows you to identify the standard distributions and accounts that you own, and helps to protect the information of ones that you don't own.

Summary of the information about a CloudFront origin access identity.

Contains a cache policy.

An abbreviated version of the AnycastIpList structure. Omits the allocated static IP addresses (AnycastIpList$AnycastIps).

Contains details about the validation token.

A complex type that contains information about the objects that you want to invalidate. For more information, see Specifying the Objects to Invalidate in the Amazon CloudFront Developer Guide.

The DNS configuration for your domain names.

An Amazon CloudFront VPC origin endpoint configuration.

The CA certificates bundle location in Amazon S3.

A list of Amazon Web Services accounts and the active CloudFront key pairs in each account that CloudFront can use to verify the signatures of signed URLs and signed cookies.

The RTMP distribution's configuration information.

Configuration information about a public key that you can use with signed URLs and signed cookies, or with field-level encryption. CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.

A CloudFront origin access control configuration.

A complex data type of profiles for the field-level encryption.

A complex data type that includes the profile configurations specified for field-level encryption.

A list of key groups, and the public keys in each key group, that CloudFront can use to verify the signatures of signed URLs and signed cookies.

A distribution configuration.

A complex type that contains zero or more Tag elements.

The domain for the specified distribution tenant.

Origin access identity configuration. Send a GET request to the /CloudFront API version/CloudFront/identity ID/config resource.

A connection function summary.

A trust store summary.

Contains information about the domain conflict. Use this information to determine the affected domain, the related resource, and the affected Amazon Web Services account.

A summary of the information about a distribution tenant.

A summary that contains details about your connection groups.

A subscription configuration for additional CloudWatch metrics.

An invalidation batch.

Access denied.

The entity was not found.

An argument is invalid.

The entity cannot be updated while it is in use.

The entity already exists. You must provide a unique entity.

The entity limit has been exceeded.

The update contains modifications that are not allowed.

The value of Quantity and the size of Items don't match.

The If-Match version is missing or not valid.

The precondition in one or more of the request fields evaluated to false.

This operation is not supported in this Amazon Web Services Region.

An Amazon CloudFront VPC origin.

A trust store.

A CA certificates bundle source.

The CNAME specified is already defined for CloudFront.

The origin access control is not valid.

The origin access identity is not valid or doesn't exist.

This operation requires a body. Ensure that the body is present and the Content-Type header is set.

The specified streaming distribution does not exist.

A streaming distribution tells CloudFront where you want RTMP content to be delivered from, and the details about how to track and manage content delivery.

Your request contains more CNAMEs than are allowed per distribution.

Your request contains more trusted signers than are allowed per distribution.

One or more of your trusted signers don't exist.

The response headers policy does not exist.

A response headers policy with this name already exists. You must provide a unique name. To modify an existing response headers policy, use UpdateResponseHeadersPolicy.

The length of the Content-Security-Policy header value in the response headers policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The number of custom headers in the response headers policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The number of headers in RemoveHeadersConfig in the response headers policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The real-time log configuration does not exist.

You can't change the value of a public key.

The specified public key doesn't exist.

A public key that you can use with signed URLs and signed cookies, or with field-level encryption. CloudFront supports signed URLs and signed cookies with RSA 2048 or ECDSA 256 key signatures. Field-level encryption is only compatible with RSA 2048 key signatures.

The origin request policy does not exist.

An origin request policy with this name already exists. You must provide a unique name. To modify an existing origin request policy, use UpdateOriginRequestPolicy.

The number of cookies in the origin request policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The number of headers in the origin request policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The number of query strings in the origin request policy exceeds the maximum. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The origin access control does not exist.

A CloudFront origin access control, including its unique identifier.

An origin access control with the specified parameters already exists.

A key group with this name already exists. You must provide a unique name. To modify an existing key group, use UpdateKeyGroup.

A resource that was specified is not valid.

The number of public keys in this key group is more than the maximum allowed. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The function is too large. For more information, see Quotas (formerly known as limits) in the Amazon CloudFront Developer Guide.

The function does not exist.

A complex data type for field-level encryption profiles.

The specified profile for field-level encryption already exists.

The maximum size of a profile for field-level encryption was exceeded.

The specified profile for field-level encryption doesn't exist.

The maximum number of encryption entities for field-level encryption have been created.

The maximum number of field patterns for field-level encryption have been created.

A complex data type that includes the profile configurations and other options specified for field-level encryption.

The specified configuration for field-level encryption doesn't exist.

No profile specified for the field-level encryption query argument.

The maximum number of content type profiles for field-level encryption have been created.

The maximum number of query arg profiles for field-level encryption have been created.

The IDs for the distribution resources.

A distribution tells CloudFront where you want content to be delivered from, and the details about how to track and manage content delivery.

The specified configuration for field-level encryption can't be associated with the specified cache behavior.

The default root object file name is too big or contains an invalid character.

An invalid error code was specified.

Your request contains forward cookies option which doesn't match with the expectation for the whitelisted list of cookie names. Either list of cookie names has been specified when not allowed or list of cookie names is missing when expected.

A CloudFront function association is invalid.

The specified geo restriction parameter is not valid.

The headers specified are not valid for an Amazon S3 origin.

The specified Lambda@Edge function association is invalid.

The location code specified is not valid.

The minimum protocol version specified is not valid.

The keep alive timeout specified for the origin is not valid.

The read timeout specified for the origin is not valid.